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Remarks 

Reconsideration is requested in view of the following remarks. Claim 11 is amended to 
correct an obvious typographical error and new claims 23-26 are presented for consideration. 
Upon entry of this Amendment, claims 1-5, 7-12, 14, and 19-26 are pending. Claims 1, 9, and 
25-26 are independent. Support for new claims 23-26 can be foimd in the application at, for 
example, pages 19-20. No new matter is introduced. 

Response to Advisory Action 

The Advisory Action of July 21, 2009 states that new claims 23-24 presented m the July 
9, 2009 Amendment after Final (and included in this Amendment) present new issues that 
require further consideration and search. Applicants request examination of these new claims. 
In addition, the Advisory Action states that Odom, col. 4, lines 31-36 describes a system that 
passively collects mouse movement data. Applicants respectfiilly disagree as discussed below. 

Claim Rejections under 35 U.S.C. §103 in View of Brown and Odom 

Claims 1, 2, 9-12, and 19 stand rejected as obvious from a combination of Brown et al., 
U.S. Patent 5,557,686 (hereinafter Brown) and Odom, U.S. Patent 7,350,078 (hereinafter Odom). 
This rejection is traversed. 

Neither Brown nor Odom teaches or suggests at least "a data interception unit for 
receiving inputs from a user, wherein the data interception unit is configured to passively collect 
mouse data generated in response to the user" as recited in claim 1 . 

In confrast to claim 1, both Brown and Odom teach actively receiving data that is 
generated in response to predetermined keystroke sequences or predetermined mouse gestures. 
For example, according to Brown, user access is provided as follows: 

sample is from an authorized user. Last, when a user desires 
30 access to the system, the user types the previously deter- 
mined keystroke sequence which is constructed into a vector 
and fed into the trained neural networic. Note that alternative 

See Brown, col. 2, lines 29-32. Thus, Brown merely teaches that authorization is based on the 
user duplicating a previously entered keystroke sequence. 
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Odom fails to cure the deficiencies of Brown. According to Odom, data submissions by 
a user can be passively terminated when sufficient data is received so that an authentication 
decision can be made. But these passively terminated data submissions are user attempts to 
duplicate previous actions chosen by the user or presented to the user for use as an authentication 
key: 

10 Historically, validation 18 has required an absolute signal 
match 5 to input 22: for example, no deviance from a 
character-based password has been permitted. With mouse 
107 movements, or other difficult-to-exactly-replicate sig- 
nals 2, however, some tolerance may be permitted. Signal 22 

15 tolerance should be allowed when appropriate, and may be 
set by software-determined protocol or user selection. For 
example, deviance up to 10% from recorded signal match 5 
for keystroke timing 211 may be acceptable. Similarly, as 
another example, mouse click location may vary within a 

20 radius of 10 pixels and still be tolerated. As multiple signals 
2 may comprise a submission 9, the need for exactness for 
any single signal 2 to properly authenticate access 97 is 
lessened. 



See Odom, col. 4, lines 10-23. Thus, according to Odom, user authentication is based on specific 
predetermined mouse gestures which a user attempts to duplicate. In contrast, according to claim 
1, mouse data is collected passively, that is, without instruction or prompt by the computing 
system and without the user being called upon to perform any particular actions or sets of 
actions. Thus, both Brown and Odom describe methods for user authentication based on user 
dupHcation of predetermined sets of actions. In both Brown and Odom, the user is expected to 
provide the same predetermined data to be granted access. According to claim 1, verification is 
based on how the user performs any series of actions, that is, based on passive data collection. 

The Advisory action states that Odom discloses a system that passively collects mouse 
movement data. Odom, col. 4, lines 31-46. Applicants respectfiilly disagree. According to 
Odom, 
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through a prescribed indication 25. With passive termination 
' 77, software terminates submission 9 without overt user 
action, but instead when a predetermined condition is met 
26. Examples of passive termination 77 include: recording 
. 35 mouse 107 movement or sound for a limited time, or until 
a certain elapsed time absent iurfher input; until suflBcient 
signal 2 has been input to allow a signal match 5; or until a 
succeeding transmission 1 of another transmission type 11 or 
signal type 21 commences, flie change of type 11 itself 
! 40 indicative of previous transmission 1 termination. For 
example, changing from cursor/mouse movement to mouse 
button clickiug may be considered a change in signal type 
21, and hence a possible basis for passive termination. 
Biometric transmission 1 is typically passively terminated 
45 77: software terminates submission 9 when sufficient bio- 
metric signals 2 hscve been recorded. 

Odom, col. 4, lines 3 1-46. The cited portion of Odom discloses passive termination of data 

collection. Furthermore, according to Odom, the data collected is part of a user submission to 

establish at least a user signature. Odom, col. 3, lines 5-15. Odom's Figs. 9-10 show how 

signatures are input in response to display of a submission screen (40). Odom, col. 4, Imes 57- 

59. Odom discloses that in some cases, a user may select which types of signals can be used for 

submissions using checkboxes. Odom, col. 5, lines 4-13. Odom states that such user input 

signals are supplied responsive to an indication of commencement of a signature input recording. 

Odom, col. 10, lines 43-44. In every case, Odom's submissions and signatures are responsive to 

a request, indication, or prompt by a computer system. Such data acquisition is active, i.e., in 

response to a request for data. Odom does disclose that active data acquisition can be passively 

terminated, but Odom fails to teach or suggest passive data collection. For at least this reason, 

claim 1 and its dependent claims are properly allowable. 

Independent claim 9 recites in part, "passively collecting behavioral biometric 

information from the mouse." Neither Brown nor Odom teaches or suggests such passive 

information collection. Brown merely discloses using predetermined keystroke sequences. 

Odom fails to cure the deficiencies of Brown. Odom describes specific sequences which must be 

duplicated, or at least approximately duplicated, by a user for authentication. In contrast, claim 9 

recites "passively collecting behavioral biometric information," i.e., collecting user data without 

any prompts for text input or requests for mouse movements. As noted above, Odom discloses 

passive termination of data collection, but fails to teach or suggest passive data collection. 
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Because Brown and Odom fail to disclose all the features of claim 9, claim 9 and its dependent 

claims are properly allowable. 

Claim rejections under 35 U.S. C. §103 in View of Brown, Odom, and Boebert or Akiyama 

Claim 3 is rejected as obvious from a combination of Brown, Odom, and Boebert et al., 
U.S. Patent 5,596,718 (hereinafter "Boebert"). Claims 4-5, 7-8, 14, and 20-22 are rejected as 
obvious from a combination of Brown, Odom, and Akiyama, U.S. Patent 5,768,387 (hereinafter 
"Akiyama"). These rejections are traversed. Claims 3-5, 7-8, 14, and 20-22 depend from 
allowable claims 1 and 9 and are allowable for at least this reason. Applicants note that, 
according to Akiyama, mouse movements are detected in response to presentation of a menu 
screen. Akiyama, col. 11, lines 42-47 and Figs. 8-10. Thus, Akiyama discloses actively 
collecting mouse movement data, and Akiyama does not disclose or suggest passive data 
collection as claimed. For this reason, Akiyama fails to cure the deficiencies of Brown and 
Odom and all pending claims are patentable over any combination of these references. In 
addition, dependent claims 3-5, 7-8, 14, and 20-22 recite additional features and combinations of 
features that are novel and non-obvious over the cited references, but to expedite prosecution, 
these rejections are not belabored fiarther herein. 

New Claims 23-26 

New dependent claims 23-24 are properly allowable as dependent from allowable 
independent claims 9 and 1, respectively. In addition, these new claims recite additional features 
that are lacking in the proposed Brown/Odom combination. For example, new claim 23 recites 
that "the behavioral biometric information from the mouse is obtained in a background process." 
In contrast, the Brown/Odom combination discloses obtaining data in response to requests for 
data, i.e., in a foreground process. New claim 24 recites "establishing] a user signature based on 
a plurality of sessions in an enrollment mode." In contrast, the Brown/Odom combination 
discloses obtaining user signatures in a single session, and the Brown/Odom combination does 
not teach or suggest acquiring data in a plurality of sessions to establish a user signature. 

New independent claims 25-26 recite additional features and combinations of features 
that are patentable over the proposed Brown/Odom/ Akiyama combination. For example, new 
independent claim 25 recites "a data interception imit for receiving inputs from a user, wherein 
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the data interception unit is configured to passively initiate collection of mouse data." As noted 
above, this feature is not disclosed in the proposed Brown/Odom/Akiyama combination. While 
Odom discloses passive termination of data collection, Odom fails to teach or suggest passive 
initiation of collection of mouse data. Independent claim 26 recites "a data interception unit for 
receiving inputs from a user, wherein the data interception unit is configured to transparently 
collect mouse data generated in response to the user." The proposed Brown/Odom/Akiyama 
combination fails to teach or suggest at least this feature. Instead of transparent collection of 
mouse data in which the data interception unit collects mouse data without affecting the 
applications for which the mouse data is intended, data collection in the proposed 
Brown/Odom/Akiyama combination is in response to a prompt such as a display screen so that 
the data is directed to an intended application such as a signature recordation application. For at 
least these reasons, new independent claims 25-26 are properly allowable. 

Summary 

The pending claims are directed to methods and apparatus that permit user authentication 
without requiring a user to duplicate passwords, passphrases, mouse sequences, or other 
predetermined submissions. In contrast, Brown and Odom merely apply biometrics to 
conventional password based systems. The novel and non-obvious claimed methods and 
apparatus permit arbitrary user input gestures to be used for authentication, and predetermined 
passwords, graphical sequences, and prompts to enter specific authentication information are not 
needed. The Odom reference explicitly acknowledges this key difference: "Computer login may 
comprise any user determined submission." See Odom, Abstract. In contrast, in the claimed 
apparatus and methods, there are no user determined submissions - the user merely begins to use 
the keyboard or the mouse. 
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Conclusion 



For at least the above reasons, all pending claims are in condition for allowance and 
action to such end is respectfully requested. If any issues arise, or if a telephone conference is 
deemed helpful, the Examiner is requested to telephone the undersigned. 

Respectfully submitted, 
KLARQUIST SPARKMAN, LLP 
One World Trade Center, Suite 1600 ^ ^ 



121 S.W. Salmon Street 
Portland, Oregon 97204 
Telephone: (503) 595-5300 
Facsimile: (503) 595-5301 



By 




Michael D. Jones 
Registration No. 41,879 
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